8413ed9475
allow to set valid scopes only in AccountProperty
...
the auto-fallback to v2-local is removed as well to react on wrong input
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-12 01:31:15 +02:00
1089ad5d9e
Merge pull request #26877 from nextcloud/chore/query-builder-execute-statement
...
Rename IQueryBuilder::executeUpdate to IQueryBuilder::executeStatement
2021-05-05 14:19:02 +02:00
784b059a01
Don't break OCC if an app is breaking in it's Application class
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-05 10:41:18 +02:00
865661ed75
Rename IQueryBuilder::executeUpdate to IQueryBuilder::executeStatement
...
Because executeUpdate wasn't a great name. And in DBAL they also use
executeStatement more consistently now.
Ref https://github.com/doctrine/dbal/issues/4607
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-05-05 10:31:54 +02:00
1e2cf820c8
Filter mounts for file id before trying to get user information
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-30 07:55:38 +02:00
3b074c811a
Inject the repair job only once
...
Since we backproted we should do a better check. Else we run the code
again for everybody upgrading to 22.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-29 20:23:12 +02:00
ef6f2e68f0
explicitly close source stream on object store upload even if count wrapper isn't needed
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-29 17:01:19 +02:00
758a662b23
Do not try to contact lookup server if not needed
...
In some cases (for example you never send data to the lookup server)
there is no need for this job to even try.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-28 14:27:46 +02:00
6a5d89c1ac
Merge pull request #26758 from J0WI/more-strict
...
Some more strict_types
2021-04-28 09:28:19 +02:00
99f0b10421
Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger
...
Less ILogger
2021-04-27 15:38:12 +02:00
48c50277a9
Merge pull request #26718 from nextcloud/bugfix/noid/fix-ratelimit-template
...
Fix ratelimit template
2021-04-27 15:18:02 +02:00
c52a026f55
Merge pull request #26572 from nextcloud/bugfix/noid/throw-401-when-authentication-is-provided-and-invalid
...
Throw "401 Unauthenticated" when authentication is provided but invalid
2021-04-27 14:37:28 +02:00
2d75868935
Fix PHP CS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:33 +02:00
29a66a5e49
Fix PHP CS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
167efa19d7
Fix psalm errors
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
df47445c01
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
56ae87c281
Less ILogger
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
13b37a5255
Do not allow to overwrite some variables
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:55:35 +02:00
174f4dd043
Fix ratelimit template
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:55:34 +02:00
21ed3419f3
Log deprecation only as debug
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-26 16:19:03 +02:00
8d9e5e0b91
Respect the error level when logging
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-26 14:18:18 +02:00
aa651fd629
Merge pull request #26259 from nextcloud/feature/noid/validate-website-to-be-valid
...
Validate the website field input to be a valid URL
2021-04-26 13:56:01 +02:00
e1a3000cbe
Merge pull request #26747 from nextcloud/php8-libxml
...
Fix installer deprecation warnings for PHP 8
2021-04-26 12:44:38 +02:00
efc5c57a79
Some more strict_types
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-26 12:33:45 +02:00
bf9ed2d3cd
Merge pull request #26721 from nextcloud/fix/noid/final-private
...
private cannot be final
2021-04-26 09:04:18 +02:00
3d900b1e58
PHP 8+ deprecates openssl_free_key
2021-04-25 13:50:23 +02:00
5882648cac
Only use libxml_disable_entity_loader on PHP<8
2021-04-25 13:45:14 +02:00
bb32880ec4
private cannot be final
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2021-04-23 11:00:10 -01:00
7159a70894
Guard against null phone number value
...
"parsePhoneNumber()" expects a string, so a TypeError would be thrown if
the phone number value is null.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2021-04-23 11:44:42 +02:00
012f791c8f
Merge pull request #26375 from nextcloud/techdebt/noid/symfony-component-translation-pluralization-rules-is-deprecated
...
"Symfony\Component\Translation\PluralizationRules" is deprecated
2021-04-22 21:20:16 +02:00
d80cc76ee7
Validate the website field input to be a valid URL
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-22 16:34:13 +02:00
521bb30541
Throw "401 Unauthenticated" when authentication is provided but invalid
...
E.g. with an AppToken that has been revoked
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-22 15:28:43 +02:00
393309b98f
Merge pull request #25714 from nextcloud/fix/23197/explicitly_check_hex2bin_input
...
Explicitly check hex2bin input
2021-04-22 13:23:39 +02:00
effb7dc8ba
set mimetype for objects uploaded to object storages
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-21 15:25:58 +02:00
0d5f4edc22
adjust tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-21 14:09:07 +02:00
e8221303e9
use search query for Folder::getRecent
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-21 13:56:04 +02:00
a34085e1a2
Move 2fa backupscode to new registration
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-20 21:01:16 +02:00
5ee9e1f784
Move 2FA registration to IBootstrap
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-20 21:01:16 +02:00
46872e3921
Merge pull request #26617 from nextcloud/fix/oracle-column-check-unrelated-migrations
...
Do not check Oracle column constraints in unrelated migrations
2021-04-20 20:49:06 +02:00
f31d24dd7a
Merge pull request #26647 from nextcloud/bugfix/noid/empty-filename
...
Fail when creating new files with an empty path
2021-04-20 20:47:16 +02:00
3cf447ac44
Fix PHP CS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:43:43 +02:00
2b8e47dcac
Correclty use plural for share exception
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:43:40 +02:00
5a514a9a41
Correctly replace all PHP placeholders with the parameters
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:42:05 +02:00
439457d2b4
Fix languages that miss a string in the translation
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:42:04 +02:00
a4c6749b02
Add a check for the pipe character
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:42:04 +02:00
157147cb8e
"Symfony\Component\Translation\PluralizationRules" is deprecated
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 16:42:04 +02:00
f8d1ee5cfa
ignore mail shares of related remote share results
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-04-20 14:02:35 +02:00
8398762d78
Fail when creating new files with an empty path
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-20 11:20:20 +02:00
ca7b37ce5a
Make Security module strict
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-19 17:31:12 +02:00
2ab8268128
Do not check Oracle column constraints in unrelated migrations
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-04-19 13:05:34 +02:00
808e589035
Allow registering NotifierServices trough IBootstrap
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-16 13:56:28 +02:00
af61486aea
Separate settings for remote share expiration
...
Added separate settings for default and enforced expiration date for
remote shares.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-04-15 10:06:09 +02:00
8680bafc5c
Implement expiration date for federated shares
...
Add expiration date field in UI.
Save expiration date when creating or updating federated share.
Read expiration date from DB in federated share provider.
Applies to both federated user and group shares.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-04-15 10:02:00 +02:00
f031dd61c1
Merge pull request #26551 from nextcloud/fix/noid/redis-exists-bool
...
ensure redis returns bool for hasKey
2021-04-14 13:37:23 +02:00
9f5480eef4
ensure redis returns bool for hasKey
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-04-13 23:07:54 +02:00
74a7c2eefc
Use correct getSystemValue type
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-12 22:54:50 +02:00
789bb0d0ac
Merge pull request #26266 from nextcloud/future-proof-networking
...
Improve networking checks
2021-04-12 12:42:33 +02:00
2bedbc1793
Merge pull request #26439 from nextcloud/increase-subnet-matcher
...
Increase subnet matcher
2021-04-08 14:48:27 +02:00
2befac662c
Limit size of properties to 2048 characters
...
It is unreasonable to expect that one of these fields would be longer
than 2048 characters. Whilst some have definitely lower limits (such as
for phone numbers or domain names), a upper bound as sanity check makes
sense.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-08 11:55:51 +02:00
e5a4236e68
Increase subnet matcher
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-07 12:28:59 +00:00
4b4971ab52
Merge pull request #24966 from nextcloud/jknockaert-patch-1
...
avoid fread on directories and unencrypted files
2021-04-06 13:45:10 +02:00
5fe1f134f9
Strictify null check
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-06 11:39:24 +00:00
5f3abffe6f
Improve networking checks
...
Whilst we currently state that SSRF is generally outside of our threat model, this is something where we should invest to improve this.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-06 11:37:47 +00:00
5fb909faa5
Merge pull request #24055 from nextcloud/bugfix/noid/enfore-no-notnull-for-boolean-to-store-false
...
Enforce no notnull for boolean to store false
2021-04-01 18:30:26 +02:00
6fd571461c
Properly handle creating the template directory in a subfolder ( fixes #25787 )
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-01 13:48:21 +02:00
37591f05dc
Get the parent directory before creating a file from a template
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-04-01 13:48:21 +02:00
bbc64cfabc
Merge pull request #26394 from nextcloud/feature/noid/updatable-account-data
...
Allow apps to write/update account data
2021-04-01 08:05:54 +02:00
65b78515bd
make ILDAPProviderFactory usable when there is no ldap setup
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-31 15:23:33 +02:00
fcedbc85d0
Allow apps to write/update account data
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-31 15:18:25 +02:00
f9d4fa2d38
Rename the method to match what it does
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-31 10:21:18 +02:00
3696ef5b96
Don't allow Notnull for boolean columns
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-31 10:21:17 +02:00
133a6f4fe4
Document the constraints we test against
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-31 10:21:17 +02:00
c98cab137c
Fix exception messages spacing
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-31 10:21:10 +02:00
2212a67fbc
Merge pull request #25961 from nextcloud/enh/events/2fa_provider
...
Add real events for enabled 2fa providers for users
2021-03-30 23:13:36 +02:00
f3738eeff7
Merge pull request #25280 from nextcloud/explicit-file-permissions
...
Set umask before operations that create local files
2021-03-30 21:55:50 +02:00
7c30d1aa2d
Merge pull request #26219 from nextcloud/relative-path-null
...
getRelativePath can return null
2021-03-30 21:10:05 +02:00
be3ae9a44b
gracefully handle deleteFromSelf when share is already gone
...
- handling race conditions
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-03-30 12:59:40 +02:00
602de272c0
Merge pull request #26243 from nextcloud/enh/noid/avatar-privacy-new-scope
...
Avatar privacy and new scope
2021-03-29 09:01:12 +02:00
c8736e7a23
fix return value of Root::get
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-26 21:29:24 +01:00
cc54f718f5
Add known user check in avatar when v2-private scope
...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:10 +01:00
bb008be28a
Added PlaceholderAvatar with own cached images
...
When avatar scope is private, the PlaceholderAvatar is used to deliver a
placeholder avatar based on the user's initials.
This was implemented as a separate class for now to avoid messing with
the existing UserAvatar implementation and its generated vs
non-generated logic.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:09 +01:00
b73df5846c
Add property scope tests for AccountManager
...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:09 +01:00
266a6fb5f8
OCS allow reading and writing account property scopes
...
Extends the provisioning API to allow a user to get and set their own
account property scopes.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:08 +01:00
278a73789e
Map old account scope properties to new names
...
Use new scope values in settings page.
Adjust all consumers to use the new constants.
Map old scope values to new ones in account property getter.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:08 +01:00
b81a1c1bdb
Add new v2-private account scope
...
Added new v2-private account manager scope that restricts the scope
further by excluding public link access.
Avatars with v2-private account scope are now showing the guest avatar
instead of the real avatar.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-26 13:07:05 +01:00
81fef4ddee
Log when a storage is marked as unavailable
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-03-25 16:19:08 +01:00
f97491eb8f
Merge pull request #26285 from nextcloud/techdebt/noid/cleanup-update-events
...
Remove event listener to udpate events that are not present anymore
2021-03-25 11:12:34 +01:00
ad16b19ec7
Merge pull request #21484 from nextcloud/better-forbidden-path-errors
...
show better error messages when a file with a forbidden path is encountered
2021-03-25 09:15:52 +01:00
3388758d04
Remove event listener to udpate events that are not present anymore
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-03-25 09:01:09 +01:00
c15172bc4e
Merge pull request #21641 from nextcloud/techdebt/noid/bye-bye-database-xml
...
Bye bye database xml
2021-03-25 08:58:07 +01:00
ab48d5e8cb
Cleanup unneeded code around database.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-03-24 22:15:44 +01:00
bb0c50717c
Bye bye database.xml
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-24 20:04:12 +01:00
aee4caed07
show better error messages when a file with a forbidden path is encountered
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-24 17:13:09 +01:00
db0e198fe0
improve type handling of Avatar::generateAvatarFromSv
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-24 17:09:53 +01:00
8a92229485
getStorage can also return null
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-24 14:56:40 +01:00
e8184eaaad
proper error for search results outside user folder
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-24 14:33:35 +01:00
f842608c95
getRelativePath can return null
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-24 14:30:29 +01:00
2074d87d0c
Catch invalid cache source storage path
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-03-24 10:36:51 +01:00
e5dc1a8085
Set umask before operations that create local files
...
this solves issues where "other php stuff" is messing with the umask
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-23 14:52:31 +01:00
1c074e7602
Merge pull request #26198 from nextcloud/unified-search-node
...
Handle limit offset and sorting in files search
2021-03-22 21:48:51 +01:00
Arthur Schiwon
Morris Jobke
Joas Schilling
Christoph Wurst
Julius Härtl
Roeland Jago Douma
Robin Appelman
Christoph Wurst
Joas Schilling
Lukas Reschke
J0WI
Roeland Jago Douma
acsfer
Maxence Lange
Daniel Calviño Sánchez
Vincent Petry
kesselb
John Molakvoæ (skjnldsv)